How to configure mapping in a translucent proxy LDAP
I'm trying to determine if the following can be done with OpenLDAP using a translucent proxy LDAP.
My group would like to authenticate to my company's LDAP. The corporate LDAP isn't running OpenLDAP and my only access is with authentication and anonymous reads. Using command line tools and Python LDAP, I've been able to interface to it without any issues. However, the company's LDAP is v1 (for now), which could be an issue with the back_ldap module.
I'd like to configure my own LDAP so that I can support Linux user and group information, the sudo permission, and host access as well as Samba permissions.
How can I configure my OpenLDAP server so that I can use a DN that isn't associated with the company LDAP's DN? And when I want to authenticate a user with the DN I've specified, LDAP will map that DN to the appropriate corporate DN. For example, my company has user DNs such as:
dn: compid=(1012345) ORG1,ou=People,ou=organization1,o=parent_company.com
dn: compid=(2012345) ORG2,ou=People,ou=organization2,o=parent_company.com
Since my group supports both organizations, I'd prefer to have my own schema with a DN such as "dc=my_group" and leave it rather simple.
So I was hoping to create entries supported by pam_ldap and libnss-ldap and hope I could configure OpenLDAP to map my entries to the company's LDAP.
I'm not an LDAP expert, but I've spent a good while configuring an isolated server to support several Linux clients. However, now I'm being asked to authenticate to the company's LDAP.
Thanks,
Paul